So, I've been hacking away in my homelab as of late, building out a CentOS kickstart server, a Git server, and a puppet server. Right now, I am working on how to roll my puppet agent installs into my kickstart process. I just started on this, so I have yet to nail it down. Continue reading

So first off let me start by saying that I know that there is a ton of information out there on how to get started with Git. Heck, when you create your repo in GitLab it spits these instructions right out in front of your nose. However, what I have found is that most instructions tell you what to do to get started with git, however they do not tell you exactly what you are doing. You end up running a few commands and then sit back and try to figure out what you actually just did. Continue reading

As many of you know, a very useful feature of Red Hat Satellite is the ability to execute remote commands on a set of servers. You pick a set of servers and plug in your command and schedule the job. Most of the time these remote commands run just fine, however they can error out if the server is not configured to allow remote command execution. Let's discuss how to fix this.
If remote command execution is not allowed, you will probably see an error similar to those shown below, Continue reading

Ok two in a row, now that's strange. Anyway.. I was working on a rebuild and re-ip of my vCenter Server as I was in the process of changing over to the vCenter appliance, when I realized that I was going to have to lay hands on a lot of tools and change them to point/connect to my new vCenter Server instance. Anyway. I started off with VCOPS, and I was surprisingly successful. So I figured I would move on to Capacity IQ. Continue reading

So my Windows based VMware vCenter Server went belly up again. Something to do with the SSO database not starting. Not being a lover of Windows I decided to give the vCenter Server Appliance a shot. Install was great and I am kicking myself a bit as to why I spent so much time fighting with Windows. My new vCenter Server, which has a different IP address than the original Windows box (might make a great Veeam server) was not registered with vCenter Operations Manager. I was not prepared to reinstall that thing again. So I needed to figure out how to manually unregister a vCenter instance and register another one in its place. Continue reading

So I am not going to lie, I am a very sick man, and I am not afraid to admit it. I have a terrible, terrible addiction which is my homelab.
It all started out so innocently... An old Sun Ultra 5 to learn Sparc Solaris at home.. A couple of desktops converted over to rack mount cases and racked in a cheap telecom rack in my unfinished basement. This was very early in my career when I had a lot to learn and plenty of free time to study. However that was many moons ago. Continue reading

Wow, AIX does not like to make anything easy. Nor do they like to make things intuitive. Need to remove a route from AIX, well get ready to have one command to temporarily remove a route and another command to remove the route for good. Same goes with adding a route. "Quit your bitching, and use Smitty", you say? Well smitty does not make anything any easier, especially since the UI likes to show you fields that it does not necessarily need you to use. Oh, plus they let you type in them. Asking me for a netmask when adding a static route does not seem like a crazy request to me? But the joke's on you, you were not supposed to type anything there.
Continue reading

So I ran into this odd issue last night working in the old homelab. I was working on troubleshooting an issue with datastore performance on one of my Supermicro ESXi servers. I have two and they are awesome beasts that have been migrated into fancy Cooler Master cases, however that is a tale for another day. Anyway, I digress... the datastore. So yeah, it's a local RAID 5 datastore attached to an LSI 9260-8i controller. This particular datastore is 3 600GB 15k SAS drives, and for some reason it's slow as all get-out. Continue reading

This is a neat and very useful trick that I learned today. Let's say that you want to be able to monitor and log all keystrokes that are typed as root. This is particularly useful as normally you can only log when a user uses sudo to run a command. If the user has the ability to become root however, then they have effectively eluded your attempts to track their activity. Like Thomas Magnum shaking a tail, they are free to scoot around your island with the top down. Continue reading

Auditd gives you the ability to write your own custom audit rules. This functionality allows an administrator to keep a close eye on system calls, file access, and user behavior. This added functionality is especially useful in environments that are required to adhere to compliance standards that are above and beyond normal standards. Think PCI. Continue reading

Auditd is the userland piece of the RHEL audit tool suite. When it's up and running, audit messages sent by the kernel will be sent to log files that you have configured. By default, only a small and limited number of messages will be picked up by Auditd; these are mostly messages related to authentication and authorization. Continue reading

So by default when you forward logs to a syslog/rsyslog server all the logs end up in the same file (usually configured to go to the messages file). Sometimes one may prefer to forward logs from a particular server to a separate logfile. I know for a fact that my sometimes friends in our info-sec group prefer this setup. Continue reading

Rsyslog has the ability to forward/receive encrypted logs using certificates. I am going to go over a very quick and dirty install and configuration. Since I am again sitting in Starbucks and do not have access to my homelab and... Continue reading

Let me start off by saying that I am not a fan of disabling ctrl+alt+delete, especially if you do not have physical access to a server. Sometimes the old three finger salute is the best and quickest method to reboot... Continue reading

Grub is the standard boot loader used by each and every Linux type operating system that I can think of. RHEL 6 uses what I guess we are now calling grub 1.0, since grub 2.0 has been released and in use by Fedora for the last few releases. You will also find that grub 2.0 has replaced grub 1.0 in RHEL 7. At some point I plan to explore grub 2 at length, but today is not that day (unless something strange happens before I go to bed tonight -- you never know).
Continue reading

Pluggable Authentication Modules, or PAM, is the standard mechanism that most Unix and Linux Operating Systems use for user credential authentication. By design, PAM is broken out into a number of files, each with a specific purpose. Before you can get started with PAM you need to understand a bit about how PAM configuration files are formatted. So let's get into that first before we try to bite off anything more. Continue reading

Ok this one is going to be quick and dirty. I have been sitting in Starbucks for about 3 hours now in what at this point is the hardest and most uncomfortable chair in the world. At this point it's almost torture. Continue reading

Ever heard of AIDE? Neither had I. Apparently it's a simple intrusion detection application that can be used to monitor file changes. It can be configured to monitor permission, ownership, timestamp, or content changes.
Let's install it. It's in the stock Red Hat repos, so it's a piece of cake to install via yum. Continue reading

Ok, before you even attempt to read this post, I am assuming that you not only understand standard UNIX file permissions, but that you also understand special file permissions. What are special file permissions, you ask? Well you know them as setuid, setgid, and the sticky bit. If you don't know what these things are then I will give you a very brief introduction. Continue reading

In my previous post I went over standard filesystem attributes in Linux, and how to set and view those attributes with lsattr and chattr. You can view that post here if you are interested. Continue reading

Filesystem attributes can be used to enhance standard file security on ext4 and XFS filesystems by blocking users from being able to delete or override a file. In order to get started you first must see if your filesystem supports... Continue reading

Hey look at this spooky key. Don't be frightened little one. Nothing scary is going to happen to you here. This is a safe place. As a matter of fact, if you stick around you might just learn a thing or two. A thing or two about GPG!
First off do any of us really know what GPG stands for? Well yes we do! It stands for GNU Privacy Guard. RPM Package creators use GPG to apply a digital signature to their packages. If a package was tampered with, then its GPG signature will no longer match what was placed in the original package. Continue reading

"What's in the box" -- David Mills
Let's face it, one of your users needs to have a package installed on a system, you tend to do it for them. That is, as long as the package looks safe. Sure, you're not going to install an rpm that is clearly dangerous, but as long as the package name looks reasonable and you trust the user, you might actually just go ahead and install it for them without thinking much about it. Hell, I know that I have done the exact same thing from time to time. And I have done it with an unsigned package. Continue reading

The YUM security plugin is a package that allows you to search specifically for security patches applicable to a Red Hat/CentOS server. This functionality comes in very handy when having to cross reference CVEs to Red Hat Security Advisories (RHSAs). If you work closely with anyone in an information security role, you already know how vital this functionality is. Continue reading

A Linux Container is an Operating System level virtualization method for running isolated Linux environments on a single base install of Linux. Linux containers are not virtual machines, rather they are isolated virtual environments with dedicated CPU, memory, I/O, and network. One can think of a Linux Container as a light, virtual OS instance. At first glance one hearkens back to the time of Solaris Containers, but there is a lot more going on here than first meets the eye, especially when we throw Docker in the mix.
But first, let's focus on Linux Containers...
Continue reading